Laura Matzen, Michelle A Leger, Geoffrey Reedy (Sandia National Laboratories)

Binary reverse engineers combine automated and manual techniques to answer questions about software. However, when evaluating automated analysis results, they rarely have additional information to help them contextualize these results in the binary. We expect that humans could more readily understand the binary program and these analysis results if they had access to information usually kept internal to the analysis, like value-set analysis (VSA) information. However, these automated analyses often give up precision for scalability, and imprecise information might hinder human decision making.

To assess how precision of VSA information affects human analysts, we designed a human study in which reverse engineers answered short information flow problems, determining whether code snippets would print sensitive information. We hypothesized that precise VSA information would help our participants analyze code faster and more accurately, and that imprecise VSA information would lead to slower, less accurate performance than no VSA information. We presented hand-crafted code snippets with precise, imprecise, or no VSA information in a blocked design, recording participants’ eye movements, response times, and accuracy while they analyzed the snippets. Our data showed that precise VSA information changed participants’ problem-solving strategies and supported faster, more accurate analyses. However, surprisingly, imprecise VSA information also led to increased accuracy relative to no VSA information, likely due to the extra time participants spent working through the code.

View More Papers

Obfuscated Access and Search Patterns in Searchable Encryption

Zhiwei Shang (University of Waterloo), Simon Oya (University of Waterloo), Andreas Peter (University of Twente), Florian Kerschbaum (University of Waterloo)

Read More

More than a Fair Share: Network Data Remanence Attacks...

Leila Rashidi (University of Calgary), Daniel Kostecki (Northeastern University), Alexander James (University of Calgary), Anthony Peterson (Northeastern University), Majid Ghaderi (University of Calgary), Samuel Jero (MIT Lincoln Laboratory), Cristina Nita-Rotaru (Northeastern University), Hamed Okhravi (MIT Lincoln Laboratory), Reihaneh Safavi-Naini (University of Calgary)

Read More

Digital Technologies in Pandemic: The Good, the Bad and...

Moderator: Ahmad-Reza Sadeghi, TU Darmstadt, Germany Panelists: Mario Guglielmetti, Legal Officer, European Data Protection Supervisor* Jaap-Henk Hoepman, Radbaud University, The Netherlands Alexandra Dmitrienko, University of Würzburg, Germany, Farinaz Koushanfar, UCSD, USA *attending in his personal capacity

Read More

CLIK on PLCs! Attacking Control Logic with Decompilation and...

Sushma Kalle (University of New Orleans), Nehal Ameen (University of New Orleans), Hyunguk Yoo (University of New Orleans), Irfan Ahmed (Virginia Commonwealth University)

Read More